Lead Cybersecurity Compliance Engineer jobs in United States
This job has closed.

Urban Institute · 1 day ago

Lead Cybersecurity Compliance Engineer

The Urban Institute is a research-to-impact institution focused on improving lives and strengthening communities. They are seeking a Lead Cybersecurity Compliance Engineer to manage federal cybersecurity compliance for IT systems and cloud services, ensuring adherence to regulatory standards and overseeing vendor management and security assessments.

Advocacy
Communities
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Manage the FedRAMP Moderate ATO process for designated Urban cloud systems. This includes coordinating security documentation (e.g. System Security Plans (SSPs), Gap Analysis, Privacy Impact Assessments (PIAs)), security assessment reports (SARs), continuous monitoring and required audit activities to meet the NIST-based FedRAMP baseline
Ensure that system architectures and configurations are designed to align with the required security controls for moderate-impact information
Lead cybersecurity contract reviews for all relevant IT procurements. Analyze and update agreements to include necessary security clauses, controls, and compliance requirements. Report on Urban’s ability to comply with contractual cybersecurity requirements and level of effort needed to comply where current systems do not meet contractual requirements
Procure and oversee third-party vendor activities. Organize and conduct vendor risk assessments and audits (including cloud providers and SaaS vendors), coordinate cross-functional vendor review meetings, and validate that vendors implement agreed-upon security controls. Maintain strong vendor relationships and verify third-party adherence to Urban’s security policies
Schedule and manage regular security testing and auditing activities for Urban’s FedRAMP environment. This includes arranging annual 3PAO audits, external penetration tests and vulnerability assessments, tracking remediation efforts, and reviewing internal audit findings
Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks with support from the Infrastructure and Security team and other Technology and Data Science team members, as necessary
Support incident response activities, root cause analysis, and reporting requirements
Ensure that all compliance documentation (e.g. plans of action and milestones (POA&Ms), security checklists) is up-to-date and accessible
Stay current with federal and industry cybersecurity regulations and frameworks (such as updates to FedRAMP, NIST guidelines, FISMA, etc.). Translate new requirements into actionable guidance for Urban
Coordinate briefings so that Urban teams understand their compliance obligations
Work closely with Technology and Data Science leadership, project managers, and stakeholders to integrate compliance requirements into projects and update or modify compliant systems as needed
Provide regular status updates on compliance efforts and report any security or compliance gaps to senior management. Serve as a subject-matter expert on compliance topics within the organization
Support the Infrastructure and Security team as needed for general cybersecurity needs and initiatives

Qualification

FedRAMP compliance
NIST SP 800-53
Cybersecurity documentation
Vendor risk assessments
Security policies development
Communication skills

Required

At least 5 years of experience in cybersecurity or IT compliance, with a strong focus on federal security frameworks
Demonstrated experience preparing for and/or maintaining FedRAMP authorizations (especially Moderate or higher)
Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience
Prior experience creating and/or managing system security documentation (SSPs, SARs, POA&Ms) and implementing continuous monitoring programs
In-depth understanding of the NIST SP 800-53 Rev 5 security control framework, as well as familiarity with FISMA, OMB policies, and other relevant federal cybersecurity standards
Proven ability to conduct security reviews of contracts, identify required cybersecurity clauses, and manage vendor risk assessments
Strong written and verbal communication skills
Able to articulate complex security and compliance concepts clearly to technical and non-technical audiences
Experience writing policies, procedures, and/or playbooks

Benefits

Generous paid time off, including nine federal holidays
Medical (including prescription), dental and vision insurance
Transit benefits
403(b) retirement plan participation immediately after you’re hired and a generous employer contribution after six months of service and 500 hours, with immediate vesting
Access to a health advocate
Personal finance coaching
An Employee Assistance Program
Educational assistance for undergraduate and graduate degree programs

Company

Urban Institute

Urban Institute is a nonprofit dedicated to elevating the debate on social and economic policy.

H1B Sponsorship

Urban Institute has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (8)
2024 (7)
2023 (4)
2022 (13)
2021 (3)
2020 (6)

Funding

Current Stage
Late Stage
Total Funding
$2.38M
Key Investors
American Student Assistance
Foundation for Opioid Response Efforts
Tipping Point Fund
2025-10-28 · Grant · $0.25M
2025-06-11 · Grant · $0.25M
2021-12-14 · Grant

Leadership Team

Laurie Goodman
Institute Fellow
Company data provided by crunchbase